PROACTIVE SYSTEM AGAINST MALICIOUS PROCESSES BY INVESTIGATING THE PROCESS BEHAVIORS AND A METHOD THEREOF

摘要

PURPOSE: A proactive system against malicious processes by investigating the process behaviors is provided to accurately determine a malicious process by considering the state information of a process.;CONSTITUTION: A system call hooker(31) hooks a system call of an OS(Operating System). A system call storage(32) checks the process which request the system call and stores the system call request information as request information about the request process. A malicious process determiner(33) determines a distrust behavior of the system call request under the determination condition. The determination condition is composed of conditions which uses the request information of the hooking system call as variables. If the request of the system call is determined as a distrust behavior, a malicious process processor(34) blocks the request of the system call.;COPYRIGHT KIPO 2012